Project Description

Event Log Analyzer is a simple yet powerful tool for analyzing Windows event logs. It groups similar events together and gives a graphical view of how events are distributed over time and by similarity. It is developed in C# and WPF and uses the MVVM framework.

How to Use the Tool

Get the event logs from the machine that you want to analyze

To get event logs, open Event Viewer (eventvwr) on the machine

Right-click on the Event name in the left pane and select Save All Events As...

Save the events as an XML file in an empty directory

You can save multiple event files in the folder that you want to analyze

Open the Event Log Analyzer tool

Provide the path of the log files folder at the top and click on the Analyze button

The tool will show a graph of the event log distribution at the bottom and the event file names in the left panel

To see logs related to a common issue

Select the radio button Sort X axis by -> Occurrence at the bottom of the graph

The graph will show a yellow bar for each group of event logs that are related to a common issue

If you click on any bar, the actual events will be added under the file names in the left panel

Selecting any event in the left panel will show its details in the top right box

To see logs distributed in date and time

Select the radio button Sort X axis by -> Date at the bottom of the graph

The graph will show a yellow bar for each group of event logs that occur on the same date (or in the same hour of a day)

To search for logs with a particular text

Type the text in the Search box of the graph

The log groups that contain logs with the given text turn red

Select the log group. In the left panel, observe that the logs containing the text turn red

Now you can select the highlighted logs to see their details

To drill down into the logs

Let's say you want to first find the common logs that have the highest number of occurrences and then see their distribution over time

Select Occurrence in the graph

Right-click on any yellow bar that you want to drill down into

Another graph will open over the first one. This graph shows only the logs from the group selected in the first graph

Select Date in the second graph. The logs are shown distributed by date

If you now want to look at the log distribution over time on a particular date, right-click again on any bar in the second graph

A third graph opens over the second. Select Date again in that graph to see the logs distributed over time

Now you can select any group in the third graph, see the actual log entries in the left panel, select a log in the left panel and see its details in the details box at the top right

To go back to the previous graph, click on the second or first graph again
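The steps above describe the tool's behaviour through its GUI. The following is an added example, not code from the Event Log Analyzer project, that performs the same analysis on a saved Event Viewer export in plain Python: it parses the XML that eventvwr writes for Save All Events As..., builds the "Occurrence" view (groups of similar events, most frequent first), the "Date" view (one bucket per hour of a day), the text search that marks groups, the right-click drill-down into one group, and a count by level, which the Future enhancements section below lists as planned. It assumes the export format of a root Events element containing one Event per record in the namespace http://schemas.microsoft.com/win/2004/08/events/event, and it assumes a similarity key of provider name plus event ID, since the page does not describe the tool's own grouping rule. The sample events are constructed, not real data.

```python
"""Group and search events from an Event Viewer XML export.

Added example (not the Event Log Analyzer project's code). Assumptions:
eventvwr 'Save All Events As...' XML layout, and a similarity key of
(provider name, event ID); the tool's real grouping rule is not on the page.
"""
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVEL_NAMES = {1: "Critical", 2: "Error", 3: "Warning", 4: "Information"}

# Constructed sample in the shape of an eventvwr XML export (not real data).
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID>7036</EventID><Level>4</Level><TimeCreated SystemTime="2024-03-01T09:05:10.1234567Z"/><Channel>System</Channel><Computer>HOST1</Computer></System><EventData><Data Name="param1">Windows Update</Data><Data Name="param2">running</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Disk"/><EventID>51</EventID><Level>2</Level><TimeCreated SystemTime="2024-03-01T09:30:00.000Z"/><Channel>System</Channel><Computer>HOST1</Computer></System><EventData><Data>An error was detected on device Disk0 during a paging operation.</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID>7036</EventID><Level>4</Level><TimeCreated SystemTime="2024-03-01T09:40:00.000Z"/><Channel>System</Channel><Computer>HOST1</Computer></System><EventData><Data Name="param1">Windows Update</Data><Data Name="param2">stopped</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID>7036</EventID><Level>4</Level><TimeCreated SystemTime="2024-03-02T14:00:00.000Z"/><Channel>System</Channel><Computer>HOST1</Computer></System><EventData><Data Name="param1">Print Spooler</Data><Data Name="param2">running</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Kernel-General"/><EventID>1</EventID><Level>4</Level><TimeCreated SystemTime="2024-03-02T14:10:00Z"/><Channel>System</Channel><Computer>HOST1</Computer></System><EventData><Data Name="Reason">The system time has changed.</Data></EventData></Event>
</Events>
"""


def parse_system_time(value):
    """eventvwr writes up to 7 fractional digits and a trailing Z; strptime
    accepts at most 6, so trim the fraction before parsing."""
    base, _, frac = value.rstrip("Z").partition(".")
    frac = (frac + "000000")[:6]
    return datetime.strptime(f"{base}.{frac}", "%Y-%m-%dT%H:%M:%S.%f")


def parse_events(xml_text):
    """Return one dict per <Event> element of an export, in file order."""
    root = ET.fromstring(xml_text)  # use defusedxml for exports you did not produce
    events = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        data = [d.text or "" for d in ev.findall("e:EventData/e:Data", NS)]
        events.append({
            "provider": system.find("e:Provider", NS).get("Name", ""),
            "event_id": int(system.findtext("e:EventID", "0", NS)),
            "level": int(system.findtext("e:Level", "0", NS)),
            "time": parse_system_time(system.find("e:TimeCreated", NS).get("SystemTime")),
            "text": " ".join(data),
        })
    return events


def group_key(event):
    """Similarity key (assumption): same provider and same event ID."""
    return (event["provider"], event["event_id"])


def by_occurrence(events):
    """Bars for 'Sort X axis by -> Occurrence': groups, most frequent first."""
    counts = Counter(group_key(e) for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def by_hour(events):
    """Bars for 'Sort X axis by -> Date': one bucket per hour of a day."""
    counts = Counter(e["time"].strftime("%Y-%m-%d %H:00") for e in events)
    return dict(sorted(counts.items()))


def search(events, text):
    """Groups that would turn red: at least one member contains the text."""
    needle = text.lower()
    return {group_key(e) for e in events if needle in e["text"].lower()}


def drill_down(events, key):
    """Right-click on a bar: keep only that group's events for the next graph."""
    return [e for e in events if group_key(e) == key]


def by_level(events):
    """Counts per level name, the planned 'Level of criticality' view."""
    return Counter(LEVEL_NAMES.get(e["level"], "Information") for e in events)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_XML)
    for key, n in by_occurrence(evs):
        print(f"{n:3d}  {key[0]} / {key[1]}")
    print("search 'windows update':", search(evs, "windows update"))
    print("drill-down by hour:", by_hour(drill_down(evs, ("Service Control Manager", 7036))))
    print("by level:", dict(by_level(evs)))
```

Run it against a real export by replacing SAMPLE_XML with the file contents; each function returns plain Python values, so the same code can feed any plotting library to reproduce the bars the tool draws.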

Screenshots

1 Loading log XML files for parsing

2 Search

3 Drill down on right-click on a bar in the graph

4 Multi level drill down

Future enhancements

This is only the first draft of the tool. Many enhancements will be made to it in the next few days to make it more useful.
A few of the items in the pipeline are:

Allow the tool to connect to the Event Viewer of a machine given the machine's IP address

Hence no XML will need to be saved

This will allow continuous monitoring of logs

Distribute logs by level of criticality so that the user can concentrate on Error logs more than Information logs

Show trends in the logs found over time. This will reveal common areas of concern that need to be addressed as a priority

Use a multi-threaded UI to avoid hanging when the analysis takes time